OK. I found SHA-2 in RFC 4634 (only 3 months old), which refers back to
But I reach a dead-end with PKCS #7 (now RFC 3852). There's no support for
algorithm types (RFC 3279). Also PKCS #1 (now RFC 3447) needs an update for
SHA-2 with RSA encryption (OIDs, etc.).
Did I miss something or do you need help in updating these, since I, and
others too, need them?
At 01:19 PM 10/9/2006 -0400, Russ Housley wrote:
PKCS#7 has been turned over to the IETF for maintenance. The most recent
version is RFC 3852. Since the protocol is more stable than the
cryptographic algorithms, the algorithm discussion appear in separate RFCs.
TLS 1.2 is under development in the IETF. It is being done in such a way
that none of the ciphersuites that have already been defined need to be
updated, including the ones that use AES and the SHA-2 family.
At 01:28 AM 10/7/2006, Alex Alten wrote:
After reading PKCS #1 v2 more closely and SHA-2 is not even in the specs,
therefore OpenSSL PKCS #7 functions won't support SHA-2. This spec was
last updated in 1998.
PKCS Editor, is there a new update in progress by RSA Labs to incorporate
SHA-2 and AES?
Does OpenSSL implement PKCS #1 v2 or just v1.5? If the latter then not even
SHA-1 is supported.
PKCS editor, is there any timeline as to when PKCS #7 will then be updated
with references to official OIDs, etc., for specifying SHA-2 and AES?
Dr. Ron Rivest, are you going to publish new message-digest IETF RFCs for
and SHA-2? (So that they can be referenced by an updated PKCS #7.)
Mr. Russ Housley, can you weigh in with what happening in the IETF WG
area? I know that Mr. Eric Rescorla is working on a new TLS v1.2
draft. Will this
be done/ratified soon? I assume OpenSSL will incorporate this soon
This mess with the MD5 and SHA-1 hashes is really starting to becoming a
It's certainly impacting new development projects/products I'm involved
SSL and PKI certificates. My customers are concerned about using MD5 and
SHA-1, and they don't want to keep paying for implementations repeatedly
standards catch up to reality. Updating these various heavily used standards
quickly is quite important.
Sincerely (and thanks in advance for all of your replies),
At 09:05 AM 10/6/2006 -0700, Alex Alten wrote:
Does anyone know if the OpenSSL PKCS #7 functions support AES and SHA-2?
(I assuming OpenSSL 0.9.7 or later.)
Alten Security Engineering, Inc.
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]